8 Replies Latest reply on Jul 16, 2012 12:05 AM by enslinm

    Help with exclusions for Groupwise on OES

    enslinm

      Hi Everyone,

       

      I am faced with a major issue when I install McAfee VSE for Linux on an OES server running Novell Groupwise. The install goes perfectly, I push the ePO agent from my ePO and it pushes successfully without any issues and everything still operates as it should. The ePO agent runs perfectly without any service disruptions as per below:

       

      # /etc/init.d/cma status
      cma (pid 3094) is running...

       

       

      The moment I install VSE for Linux 1.7 (sh McAfeeVSEForLinux-1.7.0-installer) and follow the steps the install goes perfectly, without any issues. The moment the nails service starts and I verify this with "/etc/init.d/nails status", Groupwise stops functioning, basically all communication to Groupwise is stopped/blocked. Everything else still works perfectly (user shares, server access via ssh or VNC, etc. etc.)

       

      My policy is currently set up as follows:

       

      Detections Tab:

      What to scan

      • Specified File types:
        • /media/nss/SHARE/
        • /media/nss/VOL1/
        • /media/nss/USERS/

      What not to scan

      • **/*

       

       

      Can someone please assist me with this issue I am faced with?

       

      I have been faced with this issue for some time now and I cannot seem to find any info on this matter.

       

      Your assistance would be greatly appreciated.

       

      Ciao,

      Enslinm

        • 1. Re: Help with exclusions for Groupwise on OES
          mat.kordell

          I accidentally deployed VS 8.8i to an Exchange server once with the standard workstation policy enabled and Exchange stopped functioning. Take this with a grain of salt, given that mine is on Windows and that I don't remember the specifics of what was causing the problem, but essentially one of the behavioral protection features blocked all mail traffic because it assumed that you had a worm which was trying to be part of a SPAM botnet.

           

          I would start by going into the policy and looking for anything like that.  If nothing jumps out at you, try turning everything off in the policy so that VS is installed but not doing much of anything and then turning on features 1 by 1 until you find the culprit.

          • 2. Re: Help with exclusions for Groupwise on OES

            If you are going to run an Anti-Virus agent on the server running the GroupWise services, you need to omit all GroupWise file structures from the A/V scanning as outlined in the GroupWise documentation at

            http://www.novell.com/documentation/groupwise2012/gw2012_readme_full/data/gw2012_readme_full.html#bsxn4xm

             

            If this McAfee VSE for Linux also does TCP/IP protection (firewalling), you need to allow the various GroupWise TCP/IP Ports through. A list of these IP Ports for GroupWise is at

            http://www.novell.com/documentation/groupwise2012/pdfdoc/ProtocolFlowDiagram/ports_protocolflow_a.pdf

            http://www.novell.com/documentation/groupwise2012/gw2012_guide_admin/data/bv5bw9l.html

             

            Message was edited by: gwguruman on 7/4/12 8:45:58 PM CDT

            • 3. Re: Help with exclusions for Groupwise on OES
              enslinm

              Hi guys,

               

              Thanks for the info and the assistance so far.

               

              I had a look at the policy again now, the only policy that I can apply/enforce on VSE for Linux 1.7.0 is the On-Access Scanning policy as in the image below, but I cannot find a place inside the policy to exclude the GroupWise ports. I have spoken to our one Linux engineer and he made me aware that the firewall on all of our OES servers has been disabled completely.

              epo1.jpg

               

              With regards to omitting the GroupWise file structure, I am not a GroupWise engineer and what I know about GroupWise is just how to use the GroupWise client for email, lol. Can you perhaps assist with the structure or point me in the right direction of where I can find the structure to exclude in the scanning policy?

               

              I have my policy set up as per the image below but I do not know if the policy is set up correctly.

              epo.jpg

              Thanks again for the help so far.

               

              Ciao,

              Enslinm

              • 4. Re: Help with exclusions for Groupwise on OES

                The SLES OS firewall being disabled is good.  I do not know the VSE for Linux product, so I do not know if it does firewall equivalent functions to manage TCP/IP Ports.  If it does, you need to allow the IP Ports through for the GroupWise services running on that Linux server.

                 

                As for the GroupWise file structures, you need to ask your GroupWise administrator where he placed them. It can be anywhere on the Linux native file system or on the Novell NSS file system at any location. Since you have Novell OES installed on your SLES OS, the GroupWise administrator most likely put it on the Novell NSS file system that is mounted off of /media/nss/... . Reading above, you listed for the Volume Names of - SHARE, VOL1, and USERS. So what volume did the GroupWise administrator put the GroupWise files on? The volume used for GroupWise is usually placed on a Volume that is "dedicated" for GroupWise, like MAIL. It should never be shared with end user files or any other server application. The Volume also needs to be tuned for GroupWise, be it a Native Linux file system or the Novell NSS file system. Maybe the VOL1 volume is it. I cannot tell you.

                 

                So having an A/V file scanner scanning a GroupWise file structure today will cause "havoc" on the GroupWise messaging system. Note: The GroupWise file system is already encrypted and compressed, so any A/V scanner solution running against it will not work, ever. You have to protect the outer perimeter of the GroupWise messaging system from allowing any viruses to enter. The users' workstations, the SMTP transport, and the GroupWise WebAccess service (there is a certain directory you let your A/V scanner scan to protect the GroupWise WebAccess service). There are some A/V solutions out there that do scan with the GroupWise file structure using a GroupWise Trusted Application approach.

                 

                Here is a very old article on protecting GroupWise 6 with A/V solutions, it still will apply today to GroupWise 2012 somewhat - http://www.novell.com/connectionmagazine/2002/02/virus22.pdf  (I just could not find a more recent article on this topic for GroupWise 2012).

                1 of 1 people found this helpful
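
An added example, not from any poster in this thread or from McAfee or Novell: a shell script that locates GroupWise directories under the scanned volumes and lists those that no exclusion path covers. It assumes a domain directory holds wpdomain.db and a post office directory holds wphost.db, treats exclusions as plain directory prefixes, and runs against a constructed tree with hypothetical directory names.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: a GroupWise domain directory
# holds wpdomain.db and a post office directory holds wphost.db.

# find_gw_dirs ROOT... : print every directory containing a GroupWise database.
find_gw_dirs() {
    find "$@" -type f \( -name wpdomain.db -o -name wphost.db \) 2>/dev/null |
        while IFS= read -r db; do dirname "$db"; done | sort -u
}

# is_under DIR PREFIX : succeed when DIR is PREFIX itself or lies below it.
is_under() {
    case "${1%/}/" in "${2%/}/"*) return 0 ;; esac
    return 1
}

# unexcluded_gw_dirs "SCAN ROOTS" "EXCLUSIONS" : print GroupWise directories
# inside the scan roots that no exclusion path covers. Both lists are
# space-separated, so paths containing spaces are not supported here.
unexcluded_gw_dirs() {
    # Word splitting of $1 and $2 is intended: each word is one path.
    find_gw_dirs $1 | while IFS= read -r dir; do
        covered=no
        for excl in $2; do
            if is_under "$dir" "$excl"; then covered=yes; fi
        done
        if [ "$covered" = no ]; then printf '%s\n' "$dir"; fi
    done
}

# make_sample_tree : build a constructed layout (hypothetical directory names)
# under a temporary directory and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/nss/MAIL/gwdom" "$t/nss/MAIL/gwpo" "$t/nss/VOL1/oldpo" "$t/nss/USERS"
    : > "$t/nss/MAIL/gwdom/wpdomain.db"
    : > "$t/nss/MAIL/gwpo/wphost.db"
    : > "$t/nss/VOL1/oldpo/wphost.db"
    printf '%s\n' "$t"
}

# Demo: only MAIL is excluded, so the post office left on VOL1 is reported.
tree=$(make_sample_tree)
unexcluded_gw_dirs "$tree/nss/MAIL $tree/nss/VOL1 $tree/nss/USERS" "$tree/nss/MAIL"
rm -rf "$tree"
```

On a real server the scan roots would be the volumes listed in the policy, and an empty result means every GroupWise directory found is covered by an exclusion.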
                • 5. Re: Help with exclusions for Groupwise on OES
                  enslinm

                  @gwguruman, thanks for the info, I really appreciate it. You have given me a lot of information to process.

                   

                  As far as I am aware, VSE for Linux does not install a firewall as standard, but I may be wrong. This is my first implementation on a Linux/GroupWise configuration, I have only done the install on a Microsoft Environment.

                   

                  Thanks, I will ask our GW administrator for assistance with the paths. As far as I know there is a MAIL volume as well and all volumes are on the NSS filesystem. I presume that I need to exclude that path explicitly on the "What not to scan" part of the policy. I will give it a try and see how it goes. My only concern is that I do not have a testing environment so everything happens on the live environment and if there are issues where GW goes down again, I will have a disciplinary and can lose my job, so basically I want to gather as much information as I can before attempting to do the install again.

                   

                  Thank you for the article, I am busy reading through it now.

                   

                  Ciao,

                  Enslinm

                  • 6. Re: Help with exclusions for Groupwise on OES

                    You're welcome.

                     

                    You can download a fully functional free evaluation copy of GroupWise 2012 off Novell's web site at http://download.novell.com/Download?buildid=X95cxyoSSiE~

                     

                    Novell states this about the evaluation version - "With this evaluation version of GroupWise 2012, you can create a test GroupWise system that includes any number of domains, postoffices, and users. This evaluation software cannot legally be installed and run in a production environment."

                     

                    Work with your GroupWise administrator to create a test lab version of GroupWise with one Domain (GWMTA), one PO (GWPOA) and a GWIA Gateway and a WebAccess Gateway.  This way you have all the GroupWise services on one Linux server to test VSE for Linux on.

                     

                    Spin this all up under the free VMware ESXi 5 software to do all your testing.  Take a VMware Snapshot of the setup at various stages of your testing.

                    • 7. Re: Help with exclusions for Groupwise on OES

                      How is it going, Enslinm?

                      • 8. Re: Help with exclusions for Groupwise on OES
                        enslinm

                        Hi gwguruman,

                         

                        I have been side tracked a bit with some other issues that needed my urgent attention.

                         

                        With regards to all the McAfee issues we are faced with, I have resorted to speaking to a McAfee engineer for on-site assistance with all the issues we are faced with.

                         

                        Thanks a mil for the help and assistance.

                         

                        Regards,

                        Enslinm